Cybercriminals differentiate their ‘access to compromised PCs’ service proposition, emphasize the prevalence of ‘female bot slaves’

From Bitcoin-accepting services offering access to compromised, malware-infected hosts and vertical integration to occupy a larger market share, to services charging based on malware executions, we’ve seen multiple attempts by novice cybercriminals to introduce unique value propositions (UVP). These are centered on differentiating their offering in an over-supplied cybercrime-friendly market segment. And that’s just for starters. A newly launched service is offering access to malware-infected hosts, DDoS for hire/on demand, as well as crypting malware before the campaign is launched. All in an effort to differentiate its unique value proposition not only by vertically integrating, but also by emphasizing the prevalence of ‘female bot slaves’ with webcams.

Sample screenshot of the cybercriminal’s underground market proposition showcasing some of the “inventory”:

Here’s a breakdown of the prices. 100 bots that will also get resold to the next prospective buyer are offered for $5. A rather surprising monetization approach, given that once a cybercriminal gets access to a host, the first thing he’d usually do is remove competing malware from it. The novice cybercriminal is also offering 100 bots that will not be resold to anyone but the original buyer for $7. Moreover, 300 bots converted directly to malware-infected hosts through an exploit kit are offered for $35, followed by an option offered as a separate service, namely, to obfuscate the actual malware for $3 per sample using a public crypter, and $5 using a private one. The boutique cybercrime-friendly shop is also offering a DDoS for hire/on demand service, with prices starting from $2 for one hour of DDoS attack. What we’ve got here is a very good example of a UVP-aware novice cybercriminal who’s basically having a hard time trying to pitch commoditized underground market assets.

The novice cybercriminal’s attempts to monetize his fraudulently obtained underground market assets are worth discussing in the broader context of today’s mature cybercrime ecosystem, in particular the emergence of propositions pitched by novice cybercriminals who’d monetize virtually anything that can be monetized, including goods and services that are commoditized, at least in the eyes of sophisticated attackers. This ongoing lowering of the entry barriers into the world of cybercrime inevitably results in the acquisition of capabilities and know-how that were once reserved exclusively for sophisticated attackers.

We expect to continue observing an increase in (international) underground marketplace propositions pitched by novice cybercriminals to fellow novice cybercriminals, largely thanks to the general availability of leaked/cracked/public malware/botnet generating tools and kits.